tags:

views:

770

answers:

3
+2  Q: 

Scripting.Filesystemobject filemove, writefile not working from javascript in IE browser (workarounds, doc?)

I know it's a huge security hole to use Scripting.Filesystemobject from javascript in the browser. I heard a rumor that MS is locking down this hole in the latest version of Office. This would be bad news for the enterprise web app I am working on, which has a few critical functions which depend on access to Scripting.Filesystem object, like writing out xml files or moving audio files.

I have tried but failed to find any 'hard' documentation on this, and while my local dev box exhibits this behavior, others' machines here (which do not have latest version of anything except IE) do not exhibit the behavior. If anyone can point me towards documentation confirming this - and or a workaround that does not involve creating an activeX control - I would be very grateful.

Thank you!

A: 

You wouldn't, shouldn't ever access the users files system through a browser, for legit or illegit reasons.

The very, very best case example of accessing local storage is done through systems like Google Gears, and even those systems are often argued against by web/thin client purists.

altCognito  2010-01-26 14:35:29
altCognito, <heavy sigh> I know this. I didn't design this app, came into it on this gig. Just looking for viable interim solutions while we 'make it real'. Thanks for the hint on google gears.
Alexx  2010-01-26 15:12:55
A: 

This article kb240797 discusses IE kill bits. In the registry you will find this key:-

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

Under which you will find a set of CLSIDs (the CLSID for FileSystemObject is: {0D43FE01-F093-11CF-8940-00A0C9054228}). If the "Compatibility Flags" value has the bit 1024 (0x400) on (the kill bit) the activex component is blocked.

I've also heard that MS have or are planning to kill FileSystemObject but I haven't seen this officially and it isn't true on my current system. However it could be that they may internaly block it such a way that even fiddling with the kill bit won't help.

AnthonyWJones  2010-01-26 14:55:01
Thanks Anthony! I had checked this before and the only "Flags" value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D43FE01-F093-11CF-8940-00A0C9054228}\iexplore was "Flags" and set to 0. I searched the entire registry for all entries pertaining to that CLSID but didn't find any "compatibility flags" entry. What I find especially interesting is that I cannot write new files, but if I attempt to move an existing file (created with an AX component), the prior axiom results in my file disappearing (since it gets moved from its location but not into the new one).
Alexx  2010-01-26 15:19:50
Are you sure you're not barking up the wrong tree. Sounds to me like a plain old file permissions problem to me.
AnthonyWJones  2010-01-26 16:01:53
That could be, tho' I am admin on the box. All this stuff worked before installing updates, which is my biggest clue that it's not permissions. I've tried rolling back the updates but that just really messed things up.
Alexx  2010-01-26 16:26:54
A: 

I don't know if this helps, but I've heard nothing along the lines of FileSystemObject being deprecated. I'd love to see your sources for this. Another thing to note is that the last "major" ActiveX control to be deprecated for being a security risk was CAPICOM, but this was announced with the release of Vista and finally removed in Windows 7. The documentation was also changed to reflect this deprecation and suggest alternatives well in advance.

Many (MANY!) shell scripts rely on FileSystemObject for file operations, so I find it hard to believe it would be deprecated without an alternative being provided. If it makes a difference, FileSystemObject is still accessible from Windows Desktop Gadgets which run on the IE engine.

Andy E  2010-01-26 19:30:55
Please see comments from Mr. Jiang http://social.msdn.microsoft.com/Forums/en/iewebdevelopment/thread/27092b49-7d3e-4d86-9ffb-223a26037c3f
Alexx  2010-05-21 16:44:42
@Alexx: Indeed, that is interesting and I'm glad you found an answer to your question. I will try to be more helpful next time you have an ActiveX related question ;-)
Andy E  2010-05-21 19:24:05

related questions

What JavaScript patterns do you use most?
Javascript events
What style do you use for creating an "class" in JavaScript?
Graphing JavaScript Library
What's the difference in closure style
Getting the text from a drop-down box
How to specify javascript to run when ModalPopupExtender is shown
Length of Javascript Associative Array
How Do I Post and then redirect to an external URL from ASP.Net?
How to set up a CSS switcher in ASP.NET
Wrapping lists into columns
Javascript keyboard events primer? (or rather: help me with my custom dropdown)
Http Auth in a Firefox 3 bookmarklet
Best Debugging Tools for JavaScript/xulrunner Development
How can I turn a string of HTML into a DOM object in a Firefox extension?
Call ASP.NET Function From Javascript?
Javascript troubleshooting tools in IE
MAC addresses in JavaScript
Capturing TAB key in text box
CSS Background Color in Javascript
How can I make the browser see CSS and Javascript changes?
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP .Net Custom Client-Side Validation
What JavaScript library would you choose for a new project and why?
Detecting font in JavaScript